Views:
Permissions for Devices are granted to each user role, as described in the following table.
Capability Operator Admin Superuser
Device management: remote login as the Operator user. x    
Device network management: View traffic capture. x x x
Event management: View status, device health, audit logs, or system logs. x x x
General device management: View configurations, DDoS settings, and snapshots. x x x
Device management: Remote login as the Admin user.   x  
Device network management: Manage traffic capture.   x x
Event management: Ability to clear adaptive filter states, blocked IP addresses, trusted streams, rate limited streams, and blocked streams.   x x
Edit device health, flush or re-sync identity sessions or user groups, quarantine management, and view SSL or VPN logs.   x x
General device management: Manage DDoS settings and snapshots, and VLAN manager.   x x
Configuration management: Ability to edit:
  • Adaptive Filter Configuration (AFC)
  • Global SSL
  • HA
  • Host IP filters
  • NAT
  • NMS
  • Servers
  • TSE
  • Authentication preferences
  • Performance protection
  • Remote syslog
  • Services
  • Time
  • sFlow management configurations
   x x
High privilege management: Identity configuration.   x x
Manage X-series devices.
  x x
NGFW/TPS device management of:
  • ARP/NDP configuration
  • DHCP configuration
  • DNS host and proxy cache configuration
  • Captive portal settings
  • Device high availability
  • Network interfaces and segments
  • Route configuration
  • VPN configuration
  • X509 certificate configuration
Note
Note
You must select these capabilities to manage a TPS device on the SMS.
  x x
Segment group membership: Distribute to a segment group and manage segment groups.   x x
TOS management: Delete previous TOS versions, roll back TOS, and manage TOS.   x x
Device group/stack management: Manage device group or stack structure.     x
Device management: Export configuration and remote login as the superuser.     x
Device network management: Ability to manage ports, segments, and inspection bypass rules.     x
Configuration management: Ability to edit management information, management routes, and security configurations.     x
High privilege management: Ability to edit permissions, permissions for segment groups, FIPS management, Intrinsic HA, and virtual segment manager.     x
High privilege device management of :
  • Add
  • Manage
  • Unmanage
  • Replace
  • Reboot
  • Delete device
  • Manage device users
  • Install certificate
  • Reset IPS filters
  • Distribution queue manager
     x
Log management: Ability to reset audit, block, misuse, quarantine, device reset alert, and system logs. Reset packet stats and traces.     x